def test_project_hostlist():
"""test project hostlist"""
pidb = ParsedItemsDb()
pidb.hosts.upsert(ParsedHost(address='127.0.2.1'))
pidb.hosts.upsert(ParsedHost(address='::1'))
ctx = Context(data=pidb)
ctx = project_hostlist(ctx)
expected = ['127.0.2.1', '::1']
assert ctx.data == expected
def upsert(pidb, data):
host = ParsedHost(address=data['address'])
service = ParsedService(host_handle=host.handle,
proto='tcp',
port=data['port'],
state='open:nc')
pidb.hosts.upsert(host)
pidb.services.upsert(service)
return pidb
def _parse_host(ihost):
"""parse host"""
host = ParsedHost(address=ihost.address)
cpe_note = None
if ihost.hostnames:
host.hostnames = list(set(ihost.hostnames))
if not host.hostname:
host.hostname = host.hostnames[0]
for osmatch in ihost.os_match_probabilities():
if osmatch.accuracy == 100:
host.os = osmatch.name
cpe_note = ParsedNote(host_handle=host.handle,
xtype='cpe',
data=json.dumps(osmatch.get_cpe()))
return host, cpe_note
def test_project_servicelist():
"""test project servicelist"""
pidb = ParsedItemsDb()
host = ParsedHost(address='127.0.2.1')
pidb.hosts.upsert(host)
pidb.services.upsert(
ParsedService(host_handle=host.handle, proto='tcp', port='1'))
host = ParsedHost(address='::1')
pidb.hosts.upsert(host)
pidb.services.upsert(
ParsedService(host_handle=host.handle, proto='tcp', port='1'))
ctx = Context(data=pidb)
ctx = project_servicelist(ctx)
expected = ['tcp://127.0.2.1:1', 'tcp://[::1]:1']
assert ctx.data == expected
def test_filter_tarpits(app): # pylint: disable=unused-argument
"""test filter tarpits"""
pidb = ParsedItemsDb()
host = ParsedHost(address='127.0.3.1')
pidb.hosts.upsert(host)
pidb.services.upsert(
ParsedService(host_handle=host.handle, proto='tcp', port=1))
host = ParsedHost(address='127.0.4.1')
pidb.hosts.upsert(host)
for port in range(201):
pidb.services.upsert(
ParsedService(host_handle=host.handle, proto='tcp', port=port))
ctx = Context(job=Job(id='atestjobid'), data=pidb)
ctx = filter_tarpits(ctx)
assert len(ctx.data.hosts) == 1
assert len(ctx.data.services) == 1
def parse_path(cls, path):
"""parse path and returns list of hosts/addresses"""
pidb = ParsedItemsDb()
with ZipFile(path) as fzip:
for fname in filter(lambda x: re.match(cls.ARCHIVE_PATHS, x),
fzip.namelist()):
for addr in file_from_zip(path,
fname).decode('utf-8').splitlines():
pidb.hosts.upsert(ParsedHost(address=addr))
return pidb
def _parse_host(cls, report_item):
"""parse host data from report item"""
host = ParsedHost(address=report_item['host-ip'])
hostnames = []
if 'host-fqdn' in report_item:
hostnames.append(report_item['host-fqdn'])
# host-rdns might contain address
if ('host-rdns' in report_item) and (not cls.is_addr(
report_item['host-rdns'])):
hostnames.append(report_item['host-rdns'])
hostnames = list(set(hostnames))
if hostnames:
host.hostnames = hostnames
if not host.hostname:
host.hostname = host.hostnames[0]
if 'operating-system' in report_item:
host.os = report_item['operating-system']
return host
def parse_path(path):
"""parse data from path"""
pidb = ParsedItemsDb()
data = json.loads(file_from_zip(path, 'output.json'))
for addr, via in data.items():
host = ParsedHost(address=addr)
note = ParsedNote(host_handle=host.handle,
xtype='six_dns_discover.via',
data=json.dumps(via))
pidb.hosts.upsert(host)
pidb.notes.upsert(note)
return pidb
def test_run_group(app): # pylint: disable=unused-argument
"""test run steps by group definition"""
current_app.config['SNER_PLANNER']['step_groups'] = {
'a_test_group': [{
'step': 'project_servicelist'
}]
}
pidb = ParsedItemsDb()
host = ParsedHost(address='127.0.3.1')
service = ParsedService(host_handle=host.handle, proto='tcp', port=1)
pidb.hosts.upsert(host)
pidb.services.upsert(service)
ctx = Context(job=Job(id='atestjobid'), data=pidb)
ctx = run_group(ctx, 'a_test_group')
assert ctx.data == ['tcp://127.0.3.1:1']
def _parse_data(data):
"""parse raw string data"""
pidb = ParsedItemsDb()
host = None
service = None
via_target = None
note = None
for line in data.splitlines():
if line.startswith('Domain:'):
via_target = line.split(' ')[-1]
if line.startswith('Resolved IP:'):
address = line.split(' ')[-1]
host = ParsedHost(address=address)
if host and line.startswith('Port:'):
port = line.split(' ')[-1]
service = ParsedService(host_handle=host.handle,
proto='tcp',
port=port)
if service and line.startswith('JARM:'):
jarm = line.split(' ')[-1]
if jarm != '00000000000000000000000000000000000000000000000000000000000000':
note = ParsedNote(host_handle=host.handle,
service_handle=service.handle,
via_target=via_target,
xtype='jarm.fp',
data=jarm)
if host and service and note:
pidb.hosts.upsert(host)
pidb.services.upsert(service)
pidb.notes.upsert(note)
return pidb